Bind 9 is a complete, highly portable implementation of the Domain Name System (DNS) protocol. The Bind 9 name server (named) can act as an authoritative name server, recursive resolver, DNS forwarder, or all three simultaneously.
This integration provides enrichment and visualization for Query, Query Errors, Network, Lame Servers, Notify, and Security log types. Its out-of-the-box dashboards give detailed insight into DNS request patterns, DNS communication, server configuration, and DNS attacks, helping to ensure a robust and reliable DNS environment. Additionally, this integration provides out-of-the-box detection rules. It also collects Bind 9 stats in the form of metrics that can be used for visualizations as needed.
To install the Bind 9 integration, run the following Agent installation command and the steps below. For more information, see the Integration Management documentation.
Note: This step is not necessary for Agent version >= 7.58.0.
Linux command
sudo -u dd-agent -- datadog-agent integration install datadog-bind9==1.1.0
- Log in to your Bind 9 device.
- Open the named.conf file to add a logging clause:

    logging {
        channel <example_channel> {
            file "/folder_path/file_name.log" versions <unlimited | <integer>> size <size> suffix <increment | timestamp>;
            print-time (yes | local | iso8601 | iso8601-utc);
            print-category yes;
            print-severity yes;
        };
        category <example-category> { <example_channel>; };
    };

  NOTE: Recommended value for print-time is iso8601-utc because Datadog expects all logs to be in the UTC time zone by default. If the timezone of your Bind 9 logs is not UTC, please make sure to follow the steps for using a different time zone. Also, check the categories defined by Bind 9.

  Example logging channel:

    logging {
        channel default_log {
            file "/var/log/named/query.log" versions 3 size 10m;
            print-time iso8601-utc;
            print-category yes;
            print-severity yes;
        };
        category default { default_log; };
    };

- Save and exit the file.
- Restart the service:

    service named restart
Log in to your Bind 9 device.
-
Open
named.conf
file to add a logging clause:logging { channel <example_channel> { syslog <syslog_facility>; severity (critical | error | warning | notice | info | debug [level ] | dynamic); print-time (yes | local | iso8601 | iso8601-utc); print-category yes; print-severity yes; }; category <example-category> { <example_channel>; }; }
NOTE: Recommended value for
print-time
isiso8601-utc
because Datadog expects all logs to be in the UTC time zone by default. If the timezone of your Bind 9 logs is not UTC please make sure to follow the steps for using a different time zone. Also, check the categories defined by Bind 9.Example logging channel:
logging { channel default_log { syslog local3; print-time iso8601-utc; print-category yes; print-severity yes; }; category default { default_log; }; }
-
Save and exit the file.
-
Edit the syslog/rsyslog configuration to log to Datadog using the facility you selected in Bind 9:
<syslog_facility>.* @@<DATADOG_AGENT_IP_ADDRESS>:<PORT>
-
Restart the following services.
service syslog/rsyslog restart service named restart
Note: Make sure print-category
and print-severity
are set to yes
in the channels configured for Bind 9 application.
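One way to check that requirement before restarting named, as an added example that is not part of the Datadog integration or of Bind 9: the Python below audits every channel in a named.conf logging clause for the print-category, print-severity and print-time settings described above. The function names, the sample configuration and the security_log channel are constructed for illustration.

```python
import re

# Settings the page requires (print-category, print-severity) and recommends (print-time).
REQUIRED = {"print-category": "yes", "print-severity": "yes"}
RECOMMENDED_TIME = "iso8601-utc"
# Matches quoted strings (kept) or /* */, // and # comments (dropped).
_TOKEN = re.compile(r'"[^"\n]*"|/\*.*?\*/|//[^\n]*|#[^\n]*', re.S)
# Channel bodies hold only flat statements, so no nested braces are expected.
_CHANNEL = re.compile(r"\bchannel\s+([\w.-]+)\s*\{([^{}]*)\}")

def strip_comments(text):
    return _TOKEN.sub(lambda m: m.group(0) if m.group(0)[0] == '"' else " ", text)

def audit_channels(conf_text):
    """Return {channel_name: [problem, ...]} for channels that deviate."""
    findings = {}
    for name, body in _CHANNEL.findall(strip_comments(conf_text)):
        opts = {}
        for stmt in body.split(";"):
            parts = stmt.split()
            if parts:
                opts[parts[0]] = parts[1] if len(parts) > 1 else ""
        problems = [
            f"{key} must be {want} (found {opts.get(key, 'unset')})"
            for key, want in REQUIRED.items() if opts.get(key) != want
        ]
        found_time = opts.get("print-time", "unset")
        if found_time != RECOMMENDED_TIME:
            problems.append(f"print-time is {found_time}; set {RECOMMENDED_TIME} "
                            "or change the pipeline time zone")
        if problems:
            findings[name] = problems
    return findings

# Constructed sample: default_log follows the page, security_log does not.
SAMPLE_CONF = """
logging {
    channel default_log {
        file "/var/log/named/query.log" versions 3 size 10m;
        print-time iso8601-utc; print-category yes; print-severity yes;
    };
    channel security_log {  // constructed channel, missing print-severity
        syslog local3; print-time local; print-category yes;
    };
    category default { default_log; };
};
"""

if __name__ == "__main__":
    print(audit_channels(SAMPLE_CONF))
```

To audit a real server, pass the contents of its named.conf to audit_channels; an empty result means every channel carries the settings the pipeline expects.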
- Edit the bind9.d/conf.yaml file in the conf.d/ folder at the root of your Agent's configuration directory to start collecting your Bind 9 metrics. See the sample bind9.d/conf.yaml for all available configuration options.

    init_config:

    instances:
      - url: "<BIND_9_STATS_URL>"
- Collecting logs is disabled by default in the Datadog Agent. Enable it in the datadog.yaml file:

    logs_enabled: true
- Add this configuration block to your bind9.d/conf.yaml file to start collecting your Bind 9 logs. See the sample bind9.d/conf.yaml for available configuration options.

    logs:
      - type: file
        path: /var/log/named/*.log
        service: bind9
        source: bind9

  Note: Change the path variable in conf.yaml to the same path configured in the file parameter in channels for the Bind 9 application.
- Add this configuration block to your bind9.d/conf.yaml file to start collecting your Bind 9 logs. See the sample bind9.d/conf.yaml for available configuration options.

    logs:
      - type: tcp
        port: <PORT>
        service: bind9
        source: bind9

  Note: Value of port should be the same as mentioned in syslog.conf/rsyslog.conf.
Datadog expects all logs to be in the UTC time zone by default. If the time zone of your Bind 9 logs is not UTC, specify the correct time zone in the Bind 9 Datadog pipeline.
To change the time zone in the Bind 9 pipeline:
- Navigate to the Pipelines page in the Datadog app.
- Enter "Bind 9" in the Filter Pipelines search box.
- Hover over the Bind 9 pipeline and click on the clone button. This will create an editable clone of the Bind 9 pipeline.
- Edit the Grok Parser using the below steps:
  - In the cloned pipeline, find a processor with the name "Grok Parser: Parsing Bind 9 common log format" and click on the Edit button by hovering over the pipeline.
  - Under Define parsing rules, change the string UTC to the TZ identifier of the time zone of your Bind 9 server. For example, if your timezone is IST, you would change the value to Asia/Calcutta.
  - Click the update button.
Run the Agent's status subcommand and look for bind9 under the Checks section.
The check is compatible with all major platforms.
The Bind 9 integration collects the following log types.
Event Types |
---|
Query, Query Errors, Lame Servers, Notify, Security |
See metadata.csv for a list of metrics provided by this integration.
The Bind 9 check does not include any events.
See service_checks.json for a list of service checks provided by this integration.
If you see a Permission denied error while monitoring the log files, give the dd-agent user read permission on them.

    sudo chown -R dd-agent:dd-agent /var/log/named/
For any further assistance, contact Datadog support.